| 发明名称 |
METHOD AND SYSTEM FOR ENFORCING ACCESS CONTROL POLICIES ON DATA |
| 摘要 |
A method for enforcing access control policies on data owned by a plurality of users includes evaluating the access control policies of users, applying a collusion resistant sharing scheme for generating key shares of an encryption key and delegating the key shares to one or more designated users based on a result of the evaluation. The data is securely dispersed by applying an encryption scheme on all parts of the data to be encrypted to produce encrypted data shares. The encryption scheme is provided such that for decryption of the encrypted data, the encryption key and at least a predetermined number of data shares are provided. Each data share is delegated to one or more designated users, and the data shares and the key shares are distributed to the respective designated users. |
| 申请公布号 |
US2016087793(A1) |
申请公布日期 |
2016.03.24 |
| 申请号 |
US201414786999 |
申请日期 |
2014.04.24 |
| 申请人 |
NEC EUROPE LTD. |
发明人 |
Karame Ghassan;Soriente Claudio;Capkun Srdjan |
| 分类号 |
H04L9/08;G06F21/62;H04L29/06 |
主分类号 |
H04L9/08 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method for enforcing access control policies on data owned by a plurality of users, the method comprising:
1) the access control policies of users, b) applying a collusion resistant sharing scheme for generating key shares of an encryption key and delegating the key shares to one or more designated users based on a result of the evaluation of step a), c) dispersing the data by applying an encryption scheme on all parts of the data to be encrypted to produce encrypted data shares, wherein the encryption scheme is provided such that for decryption of the encrypted data, the encryption key and at least a predetermined number of the data shares are provided, d) delegating each of the data shares to one or more designated users, and e) distributing the data shares and the key shares to the respective designated users. |
| 地址 |
Heidelberg DE |
